Zach Vorhies / Google Whistleblower Profile picture
Jul 19 20 tweets 4 min read Read on X
Crowdstrike Analysis:

It was a NULL pointer from the memory unsafe C++ language.

Since I am a professional C++ programmer, let me decode this stack trace dump for you. Image
Memory in your computer is laid out as one giant array of numbers. We represent these numbers here as hexadecimal, which is base 16 (hexadecimal) because it's easier to work with... for reasons.

The problem area? The computer tried to read memory address 0x9c (aka 156).
Why is this bad?

This is an invalid region of memory for any program. Any program that tries to read from this region WILL IMMEDIATELY GET KILLED BY WINDOWS.

That is what you see here with this stack dump.
So why is memory address 0x9c trying to be read from? Well because... programmer error.

It turns out that C++, the language crowdstrike is using, likes to use address 0x0 as a special value to mean "there's nothing here", don't try to access it or you'll die.
Programmers in C++ are supposed to check for this when they pass objects around by "checking full null".

Usually you'll see something like this:

string* p = get_name();

if (p == NULL) { print("Could not get name"); }
The string* part means we have a "pointer" to the start of the string value. If it's null, then there's nothing there, don't try to access it.

So let's take a generic object with stuff in it:

struct Obj {
int a;
int b;
};
if we create a pointer to it:

Obj* obj = new Obj();

We can get it's start address, let's say its something random like 0x9030=36912 (I'm using small numbers)

Then the address of:
obj is 0x9030
obj->a is 0x9030 + 0x4
obj->b is 0x9030 + 0x8

Each member is an offset from the start address.
Now let's assume the following:

Obj* obj = NULL;

Then the address of:
obj is 0
obj->a is 0 + 4
obj->b is 0 + 8

So if I do this on a NULL pointer:

print(obj->a);

The program stack dump like what you'll see above. It will cannot read value 0x000000004
In this stack dump you see that it's trying to read memory value 0x9c. In human numbers, this is the value 156.

So what happened is that the programmer forgot to check that the object it's working with isn't valid, it tried to access one of the objects member variables...
NULL + 0x9C = 0x9C = 156.

That's an invalid region of memory.

And what's bad about this is that this is a special program called a system driver, which has PRIVLIDGED access to the computer. So the operating system is forced to, out of an abundance of caution, crash immediately
This is what is causing the blue screen of death. A computer can recover from a crash in non-privileged code by simply terminating the program, but not a system driver. When your computer crashes, 95% of the time it's because it's a crash in the system drivers.
If the programmer had done a check for NULL, or if they used modern tooling that checks these sorts of things, it could have been caught. But somehow it made it into production and then got pushed as a forced update by Crowdstrike... OOPS!
The fix going forward is that Microsoft needs to have better policies to roll back defective drivers and not just raw dog risky updates to customers.

Crowdstrike will likely promote their code safety officer to put in code sanitization tools that will catch this automatically.
And Crowdstrike will likely take a hard look at rewriting their system driver from what it currently is, C++ to a more modern language like Rust, which doesn't have this problem.
For people looking for a conspiracy, the replacement language for C++, Rust, is compromised by a cabal of woke tards that are doing strange things.

It's possible this could be a plot to move mission-critical code to Rust. It's the only other language Linux is allowing, other than C. But who knows.
Hat tip to @ThePrimeagen who first posted this stack trace and mentioned how few could actually understand it.

IMHO: He has the best daily youtube for talking about software. Give his channel a sub, you won’t be disappointed.

The fact check in a nutshell:

"It's not a null pointer dereference, it's a null pointer dereference with extra steps!" Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Zach Vorhies / Google Whistleblower

Zach Vorhies / Google Whistleblower Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @Perpetualmaniac

Oct 20
I have a friend, she’s beautiful on the inside and out. But she has inexplicable depression. Their sibling committed suicide, as did for their father and their grandfather.

Three generations of men.

They followed my advice and are now on recovery. A thread.

1/
Ironically it took fringy conspiracy theorist that thinks the entire polical/scientifical/media/medical establishment is captured to correctly theorize what was going on.

I focused on their sibling as that was most recent and closest genetically to them

2/
Their sibling was smart but on the autism spectrum. ADHD. Prior to the suicide they rapidly descended into an acute depressive episode characterized by disorganized thoughts, delusional thinking and other schizo affective characteristics.

3/
Read 15 tweets
Aug 20
The most important fact of the geological sphere is the topic of Ai:

China is 10 years behind the USA.

Trump cut off China from the AI chips via the Chips Act (according to Eric Schmidt, former CEO of Google) and Biden CONTINUED the executive over.

Make no mistake…

/1
China is pissed.

They are going to lose the Ai supremacy game. Partly because of being cut off to their AI chip access, and partly because those who put them in power have made sure to corrupt their government with dysfunctional.

2/
This means USA is going to reign supreme by default. This means the USA is going to win the knowledge wars that are about to unfold.

3/
Read 10 tweets
Aug 9
I want to point out what a huge story happened yesterday that nobody picked up. Here it is in a nutshell:

* Twitter is shadow banning people still, and it’s sophisticated.
* Grok AI was tricked into revealing these shadow ban labels with a special prompt.

1/
The prompt attack used against Grok AI was very interesting and surprising.

It turns that you could embed an entire program in your question… and surprisingly… GrokAI WOULD RUN YOUR PROGRAM FOR REALZ and OUTPUT THE RESULTS BACK TO YOU.

🤯

2/
When this was discovered, tech savvy X users started copying the code injection prompt and swapped in their user name to the right place.

Grok AI would then run this program, accessing hidden apis and dump out the shadow ban list for that user.

3/
Read 12 tweets
Aug 7
Grok just told me my account is under MASSIVE suppression. Check it out:

/1
These are all the applied labels to my account:

/2


Abusive
AbusiveHighRecall
AgathaSpamTopUser
BirdwatchDisabled
BlinkBad
BlinkQuestionable
BlinkWorst
Compromised
DelayedRemediation
DoNotCharge
DoNotAmplify
DownrankSpamReply
DuplicateContent
EngagementSpammer
EngagementSpammerHighRecall
ExperimentalPfmUser1
ExperimentalPfmUser2
ExperimentalPfmUser3
ExperimentalPfmUser4
ExperimentalSeh1
ExperimentalSeh2
ExperimentalSeh3
ExperimentalSehUser4
ExperimentalSehUser5
ExperimentalSensitiveIllegal1
ExperimentalSensitiveIllegal2
FakeSignupDeferredRemediation
FakeSignupHoldback
GoreAndViolenceHighPrecision
GoreAndViolenceReportedHeuristics
HealthExperimentation1
HealthExperimentation2
HighRiskVerification
LegalOpsCase
LikelyIvs
LiveLowQuality
LowQuality
LowQualityHighRecall
NotGraduated
NotificationSpamHeuristics
NsfwAvatarImage
NsfwBannerImage
NsfwHighPrecision
NsfwHighRecall
NsfwNearPerfect
NsfwReportedHeuristics
NsfwSensitive
NsfwText
ReadOnly
RecentAbuseStrike
RecentProfileModification
RecentMisinfoStrike
RecentSuspension
RecommendationsBlacklist
SearchBlacklist
SoftReadOnly
SpamHighRecall
SpammyUserModelHighPrecision
StateMediaAccount
TsViolation
UnconfirmedEmailSignup
Here is the prompt that I used to get this. All you have to do is copy and paste and replace my username with yours:

/3
Read 13 tweets
Jul 22
Update:

Crowdstrike came out and released a technical report confirming my analysis. They were reading in a bad data file and attempting to access invalid memory.

This global crash was a two-part bomb. The detonator apparently, was NOT new.. it was PRE-INSTALLED.

/1
Contrary to initial suspicions, Crowd Strike did NOT push out a faulty driver, the faulty driver ALREADY existed on Mac, Linux AND Windows, likely for months or years.

Sitting there like a ticking time bomb.

/2
This bug was a two-part series.

All it needed was bad data in order to detonate it.

The recent data update, delivered that payload.

/3
Read 18 tweets
Jun 23
Public service announcement: I'm going to show you how to cut off Facebook advertisers who are targeting you, non-stop.

Facebook will likely get rid of this exploit, so let's make it go viral before the cut it off.

LET'S GO!!!!!!

1/
Right-click and click "Inspect" or hit F12

3/ Image
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(